wpcompress CVE Vulnerabilities & Metrics

Focus on wpcompress vulnerabilities and metrics.

Last updated: 12 May 2026, 22:25 UTC

About wpcompress Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with wpcompress. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total wpcompress CVEs: 6
Earliest CVE date: 09 Apr 2024, 19:15 UTC
Latest CVE date: 04 Jul 2025, 12:15 UTC

Latest CVE reference: CVE-2025-47479

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -75.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -75.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical wpcompress CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS wpcompress CVEs

These are the five CVEs with the highest CVSS scores for wpcompress, sorted by severity first and recency.

CVE-2025-47479 wpcompress Published on 04 Jul 2025, 12:15 UTC (CVSS: 0)
Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This issue affects WP Compress: from n/a through <= 6.30.30.
CVE-2025-47546 wpcompress Published on 07 May 2025, 15:16 UTC (CVSS: 0)
Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30.
CVE-2024-47384 wpcompress Published on 05 Oct 2024, 15:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Reflected XSS.This issue affects WP Compress: from n/a through <= 6.20.13.
CVE-2024-4445 wpcompress Published on 14 May 2024, 16:17 UTC (CVSS: 0)
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit plugin settings, including storing cross-site scripting, in multisite e...
CVE-2023-6812 wpcompress Published on 14 May 2024, 16:15 UTC (CVSS: 0)
The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

All CVEs for wpcompress

CVE-2025-47479 wpcompress vulnerability CVSS: 0 04 Jul 2025, 12:15 UTC

Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This issue affects WP Compress: from n/a through <= 6.30.30.

CVE-2025-47546 wpcompress vulnerability CVSS: 0 07 May 2025, 15:16 UTC

Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30.

CVE-2024-47384 wpcompress vulnerability CVSS: 0 05 Oct 2024, 15:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Reflected XSS.This issue affects WP Compress: from n/a through <= 6.20.13.

CVE-2024-4445 wpcompress vulnerability CVSS: 0 14 May 2024, 16:17 UTC

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit plugin settings, including storing cross-site scripting, in multisite environments.

CVE-2023-6812 wpcompress vulnerability CVSS: 0 14 May 2024, 16:15 UTC

The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

CVE-2024-1934 wpcompress vulnerability CVSS: 0 09 Apr 2024, 19:15 UTC

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images.